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- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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DETAILED ACTION 

1 . Claims 1 -24 have been examined. 

Claim Objections 

2. Claim 1 1 is objected to because of the following informalities: Claim 1 1 refers to 
itself, namely 'The system of Claim 11". Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described In a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent In the United 
states. 

3. Claims 1-9 are rejected under 35 U.S.C. 102(e) as being anticipated by Davis et al., 
US Patent 6,282, 522 B1. 

Regarding claim 1 - 

• Wherein said repository server system includes a data store that stores user data - 
"Data store 64 controls the storage of purchase transactions and totals" (Column 4, 
lines 60-61) 

• Wherein said repository server system provides said Web page form with a clickable 
user interface control as served to said user computer system, said control including 
a user data request, issuable by said user computer system and corresponding to 
said Web page form - "Also, the user interface provides instructions and/or buttons 
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for the customer to interact with terminal application 60 in order to purchase goods 
and/or Services" (Column 4, lines 40-43) 
• Wherein said repository server system is responsive to said user data request to 
provide a user data response, corresponding to said user data request, to said user 
computer system - "Also, the user interface provides instructions and/or buttons for 
the customer to interact with terminal application 60 in order to purchase goods 
and/or Services" (Column 4, lines 40-43) 

Regarding claims 2 and 3 - claim 1 wherein said user data request identifies a mapping 
between data stored by said data store and said web page form - "Each transaction 
initiated by a user has a transaction identifier .... Merchant server 208 generates a 
unique identification of the transaction, completes other required parameters, encrypts 
as appropriate, and builds an HTML page and sends it to the client terminal" (Column 
13, lines 58-67) 

Regarding claim 4 - claim 3 wherein the data requirements of said Web page for are 
defined independent of the form of said user data as stored by said repository server 
system and wherein said repository server system provides said user data in 
conformance with said user data request - Davis discloses, "Merchant server 208 may 
include databases, CGI scripts and back-office programs that produce HTML pages for 
an Internet user" (Column 13, lines 52-54) and "In step 606 the merchant server builds 
an HTML page that includes the following client applet parameters:... "(Column 15, lines 
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36+). The "Web pages" (HTML) are created by the CGI scripts and/or back-office 
programs independent of the user forms that are generated upon a user's request. 

Regarding claim 5 - 

a) Encoding a specification of client requested user data in a Web page served, by 
the request of a user, from a client server to a user computer system, wherein said 
specification defines a non-identity named data correspondence between said client 
requested user data and user data stored by said repository server - "The client 
module interacts 235 with the stored-value card and builds a draw request message 
containing related card information, the purchase amount, and other information 
supplied by the merchant server" (Column 13, line 67 - Column 14, line 3) 

b) Enabling said user to issue, by a single click, a data request including said 
specification to said repository server - "The user then selects an appropriate button 
on the merchant web site to indicate what the user wishes to purchase" (Column 14, 
lines 47-49) 

c) Providing a data response from said repository server providing user data 
consistent with said specification - "Next, in step 510 the user receives s a total sale 
amount from the merchant server..." (Column 14, lines 49-50) 
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Regarding claim 6-9, Davis discloses "Most often, a card has a card number that is 
associated with the consumer's name in a database on the Web server. This card 
number is transmitted to the Web server as part of the card signature, or in a similar 
fashion. Thus, an authenticated card used in this embodiment to redeem services may 
be matched to the appropriate consumer" (Column 25, lines 8-13) 

Claims 10 and 1 1 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Shafron et al., Patent Publication No. 2002/0186255 A1 , hereafter referred to as 
Shafron. 

Regarding claim 10 - Shafron discloses: 

Wherein said coded message includes a partner site identification ("A supported 
merchant file contains a list of all supported merchants, including their respective 
Internet address" - Paragraph 133) provided from said partner side, a user account 
identification ("the user's first name is identified as 'contactFirstName' - Paragraph 139) 
and a mapped identification of partner-side field to be filled ("Thus, the present 
invention maps the fields in the wallet database to the fields in the supported merchant 
file" - Paragraph 139), said repository server providing for the verification of said 
partner site identification and said user account identification - "The shopping assistant 
code also compares the intercepted Internet address with the Internet addresses of 
supported merchants by comparing the intercepted address with a supported merchant 
file containing Internet addresses of supported merchants" (Paragraph 128) and "The 
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server 102 compares the user data (e.g., ID and SK) with data previously stored in that 
user's wallet on the wallet database 106" (Paragraph 143) 

• Wherein said repository server selectively generates a second coded message 
directed to said partner-site containing login information appropriate to complete the 
logon of said user onto said partner site - "The user's wallet is securely transmitted 
by the server 102" (Paragraph 144, line 10+) 

Regarding claim 1 1 - As understood to refer to claim 10, wherein said repository server 
operates to validate said user account identification against information held by said 
repository server specific to said user and said partner site identification against 
information held by said repository server specific to said parent site and where said 
repository server generates said second coded message based on information held in 
said user account that correlates to said partner site - 'The server 1 02 compares the 
user data (e.g., ID and SK) with data previously stored in that user's wallet on the wallet 
database 106..." (Paragraph 143) 

4. Claims 12-14, 16-18, 20-24 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Haverstock et al, US Patent No. 6701376, hereafter referred to as 
Haverstock. 
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Regarding claim 12 - 

a) First providing, in response to the activation of a control associated with a Web page 
served to a user computer system provided by said partner site computer system, a 
coded request message for confidential information to a predefined repository server 
system - 'The server receives a URL-based request for a non-HTML object (e.g., 
document or database) from a web browser via a HTTP server" (Column 3, Lines 48- 
50) 

b) Second providing, in response to receipt of said coded request message, a 
response message from said predefined repository server system containing a release 
set of confidential user information to said user computer system - "The interface 
module transmits the request to a non-HTML server module." (Column 3, Lines 54+) 



Regarding claims 13 and 14 - Haverstock discloses, "When a system user "clicks" on 
the representation, a URL request for that view is transmitted to HTTP server module 
30" (Column 14, lines 67+) 



Regarding claim 16 - Haverstock discloses: 

a) Providing, from a client computer system to a user computer system, a coded 
request for first user data associated with a Web page - "The server receives a URL- 
based request for a non-HTML object (e.g., document or database) from a web 
browser via a HTTP server"' (Column 3, Lines 48-50) 
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b) Forwarding said coded request, selectively based on action performed on said user 
computer system relative to said Web page, to a data repository system - "The 
interface module transmits the request to a non-HTML server module," (Column 3, 
Lines 54+) 

c) Receiving, by said user computer system, a coded response from said data 
repository system including second user data - "The interface module translates the 
non-HTML object to a HTML object, and passes it to the HTTP server module" 
(Column 3, lines 58+) 

d) Providing, by said user computer system, said second user data to said client 
computer system relative to said Web page - The HTTP server module transfers the 
HTML object to the web browser which presents the HTML object (Column 3, lines 
60+) 

Regarding claims 17 and 18 - Haverstock discloses: ''the system comprises a novel 
web server for a client/server network and a terminal comprising a standard web 
browser" (Column 3, lines 41 +) and "When a system user "clicks" on the 
representation, a URL request for that view is transmitted to HTTP server module 30" 
(Column 14, lines 67+) 



Regarding claim 20 - 
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a) Issuing, in response to a single user click on a user interface control provided on a 
Web page served from a client computer system, a user data request determined by 
said client computer system specific to said Web page from said user computer system 
to a data repository system over said communications network - "The server receives a 
URL-based request for a non-HTML object (e.g., document or database) from a web 
browser via a HTTP server" (Column 3, Lines 48-50) 

b) Returning, subject to the secure identification of said client computer system and 
said user computer system relative to said user data request, user data corresponding 
to said user data request - The HTTP server module transfers the HTML object to the 
web browser which presents the HTML object (Column 3, lines 60+) 

Regarding claim 21 - "For example, a document may contain certain fields that are 
access controlled, whereby, depending on who the user is (e.g., based on the user's 
role) one or another field may be displayed. If a user's role changes (e.g., access 
privileges revoked), dynamic generation allows the system to update a user's role with 
the current privileges and restrict access as required" (Column 7, lines 49+) 

Regarding claims 22-24 - Haverstock discloses, "Before a system user is granted 
access to an object within the system, the system may authenticate the system user.... 
If the identification and password do not match the identification and password stored 
in the system, the system user is not authenticated and access is denied" (Column 7, 
lines 33-40" 
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Claim Rejections - 35 USC § 103 



The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth In this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



5. Claims 15 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over 



Haverstock in view of Wood et al, US Patent 6,668,322 B1 , hereafter referred to as 



Regarding claims 15 and 19- While Haverstock discloses, "Authentication: Confirming 
who a user is with user names and passwords via a directory" (Column 7, lines 62+), 
however, Haverstock does not explicitly teach authenticating across partner sites. 
Wood teaches an access system where "Session credentials are used to maintain 
continuity of a persistent session across multiple accesses to one or more information 
resources, and in some embodiments, across credential level changes" (Abstract). It 
would have been obvious to one of ordinary skill in the art at the time of invention to 
further extend Haverstock's teachings to include the specifics of persistence across 
multiple resources. This action provides a uniform security policy across a set of 
resources and creates a single integrated enterprise from among the partner sites (see 
Wood, Col. 1, lines 58 -65) 



Wood. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Laurent L Trieu whose telephone number is 703-305- 
0712. The examiner can normally be reached on M-F 8AM-4PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Greg Morse can be reached on 703-308-4789. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

LLT 14 May 2004 
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